Web Services
SOAP vs REST
SOAP sample
URL
http://api.xxx.com/services/add?WSDL
Request
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:q0="http://webservice.test.com"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <q0:add>
      <q0:a>10</q0:a>
      <q0:b>20</q0:b>
    </q0:add>
  </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <addResponse xmlns="http://webservice.test.com">
      <addReturn>30</addReturn>
    </addResponse>
  </soapenv:Body>
</soapenv:Envelope>
★RESTful API Specification
・RAML (RESTful API Modeling Language)
・OAS (Swagger)
・API Blueprint
YAML format
#%RAML 1.0
title: Employees API
baseUri: http://example.com/api/{version}
version: v1
/employees:
  get:
    description: Retrieve a list of all employees
    responses:
      200:
        body:
          application/json:
            example: |
              {
                "firstName" : "John",
                "lastname" : "Smith"
              }
  post:
    body:
      application/json:
        example: |
          {
            "firstName" : "John",
            "lastname" : "Smith"
          }
  /{employeeID}:
    put:
      body:
        application/json:
          example: |
            {
              "firstName" : "John",
              "lastname" : "Smith"
            }
    delete:
      responses:
        204:
          description: The delete request has been successfully executed.
REST sample
URL
http://api.xxx.com/services/add?&first=10&second=20&output=json&key=yourkey
Response
{
"results":30,
"status":"SUCCESS"
}
URL
http://api.xxx.com/services/add?&first=10&second=20&output=xml&key=yourkey
Response
<ResultResponse>
  <results>30</results>
  <status>SUCCESS</status>
</ResultResponse>
★Representation formats of RESTful resources
1. HTTP header
GET /user/123 HTTP/1.1
Accept: application/xml or Accept: application/json
2. File extension
/user/123.xml or /user/123.json
3. Query parameter
/user/123?format=xml or /user/123?format=json
★Client-side access tool
http://code.google.com/p/rest-client/
★Testing from the shell
test.sh
#!/bin/bash
# Fires 20 PUT requests at the comment-creation endpoint, each with a random postId in 1..3.
base=http://localhost:8080/rest
for i in {1..20}; do
  curl -i -H "Accept: application/json" -X PUT "$base/api/comment/create?author=Author$i&content=Content$i&postId=$((RANDOM % 3 + 1))"
done
★Representation of RESTful API
★Frameworks for REST testing
rest-assured
https://github.com/jayway/rest-assured/wiki/Usage
★Design considerations
Check access permissions at every level of a nested resource path (each child must belong to the parent named before it, not only the leaf)
/ResourceA/<ResourceA Id>/ResourceB/<ResourceB Id>/ResourceC/<ResourceC Id>
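Added example (not from these notes): a Python authorization check for the nested path pattern above. The resource tables, ids and user names are constructed for the example; it contrasts a leaf-only check, which lets a caller splice a foreign ResourceB/ResourceC id under a ResourceA they own, with a check that walks the whole chain.

```python
from typing import Optional

# Constructed in-memory tables: ResourceA -> owner, ResourceB -> parent A, ResourceC -> parent B.
RESOURCE_A_OWNER = {"a1": "alice", "a2": "bob"}
RESOURCE_B_PARENT = {"b1": "a1", "b2": "a2"}
RESOURCE_C_PARENT = {"c1": "b1", "c2": "b2"}

# Expected order of path segments and the table that resolves each id.
CHAIN = [
    ("ResourceA", RESOURCE_A_OWNER),
    ("ResourceB", RESOURCE_B_PARENT),
    ("ResourceC", RESOURCE_C_PARENT),
]

def parse_path(path: str) -> Optional[list]:
    """'/ResourceA/a1/ResourceB/b1' -> [('ResourceA', 'a1'), ('ResourceB', 'b1')]; None if malformed."""
    parts = [p for p in path.split("/") if p]
    if not parts or len(parts) % 2:
        return None
    return list(zip(parts[0::2], parts[1::2]))

def authorize_leaf_only(user: str, path: str) -> bool:
    """The insufficient check the note warns about: the root owner is verified,
    deeper ids are only checked for existence, not for belonging to that root."""
    segments = parse_path(path)
    if not segments or len(segments) > len(CHAIN):
        return False
    if RESOURCE_A_OWNER.get(segments[0][1]) != user:
        return False
    return all(rid in CHAIN[d][1] for d, (_, rid) in enumerate(segments))

def authorize(user: str, path: str) -> bool:
    """Allow only if the root is owned by `user` and every child belongs to the parent named before it."""
    segments = parse_path(path)
    if not segments or len(segments) > len(CHAIN):
        return False
    parent = None
    for depth, (name, rid) in enumerate(segments):
        expected_name, table = CHAIN[depth]
        if name != expected_name or rid not in table:
            return False  # wrong segment type/order, or unknown id (deny, same as forbidden)
        owner_or_parent = table[rid]
        if depth == 0 and owner_or_parent != user:
            return False  # root resource is not the caller's
        if depth > 0 and owner_or_parent != parent:
            return False  # child spliced under a parent it does not belong to
        parent = rid
    return True
```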
Security Headers
Do not allow the page to be displayed in an HTML frame
X-Frame-Options: DENY
Enforce the declared Content-Type strictly
X-Content-Type-Options: nosniff
XSS prevention
X-XSS-Protection: 1; mode=block
Force HTTPS
Strict-Transport-Security: max-age=<seconds>; includeSubDomains; preload
Use unguessable values such as UUIDs as IDs
/users/<USER ID>
Limit the number of requests to the API (rate limiting)